Bug#805492: /var/lib
On 29/02/16 03:46, Russell Coker wrote:
> On Mon, 29 Feb 2016 02:47:04 AM Laurent Bigonville wrote:
> > On 28/02/16 11:05, Russell Coker wrote:
> > >> the easiest would be to do like Fedora and install the modules directly
> > >> in the /var/lib/selinux//100 store instead of copying/loading
> > >> them at installation time
> > >
> > > Do you mean having files in the package under /var/lib? If so that seems
> > > like a FHS violation. Why not just keep them under /usr/share/selinux
> > > and symlink them?
> >
> > There are a lot of packages that ship files in /var/lib.
>
> I'm sure that you can find many ways in which there are a lot of broken
> packages in Debian or in any other distribution. That said if we have a
> strong precedent in Debian for doing things a certain way it is an argument
> for doing more of the same.
>
> > Are you sure you are not thinking about /var/run?
>
> https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard
>
> # State information. Persistent data modified by programs as they run, e.g.,
> # databases, packaging system metadata, etc.
>
> The above section from the above URL suggests that package maintained files
> aren't suitable.
>
> The description of /usr is:
> # Secondary hierarchy for read-only user data; contains the majority of
> # (multi-)user utilities and applications.
>
> For /usr/share it says:
> # Architecture-independent (shared) data.
>
> I think that /usr/share is the best place for it. If /var/lib has symlinks
> into /usr/share then files which aren't changed can be replaced by a package
> upgrade while files that are modified by utilities can stay modified.

Well one could argue that the store is "Persistent data modified by programs as they run" and that we set defaults for this store by installing files from the package.

The new store format is actually the following:

/var/lib/selinux//100/... << modules shipped by the distribution
/var/lib/selinux//400/... << modules loaded by the user using semodule (the priority can be changed on the cmd line)

So by default the user shouldn't interfere with the files we are shipping, we could add a warning in the NEWS or README file to warn the user about this.

BTW, the files in this new store are not in the same format (HLL) as the (.pp) files shipped currently in /usr/lib/selinux, they are processed by a "compiler" (/usr/lib/selinux/hll/pp) and stored in the CIL format in /var/lib/selinux//..., so we cannot simply link the files from /usr/share/selinux to /var/lib/selinux.

Bug#805492: /var/lib
On Mon, 29 Feb 2016 02:47:04 AM Laurent Bigonville wrote:
> On 28/02/16 11:05, Russell Coker wrote:
> >> the easiest would be to do like Fedora and install the modules directly
> >> in the /var/lib/selinux//100 store instead of copying/loading
> >> them at installation time
> >
> > Do you mean having files in the package under /var/lib? If so that seems
> > like a FHS violation. Why not just keep them under /usr/share/selinux
> > and symlink them?
>
> There are a lot of packages that ship files in /var/lib.

I'm sure that you can find many ways in which there are a lot of broken packages in Debian or in any other distribution. That said if we have a strong precedent in Debian for doing things a certain way it is an argument for doing more of the same.

> Are you sure you are not thinking about /var/run?

https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard

# State information. Persistent data modified by programs as they run, e.g.,
# databases, packaging system metadata, etc.

The above section from the above URL suggests that package maintained files aren't suitable.

The description of /usr is:
# Secondary hierarchy for read-only user data; contains the majority of
# (multi-)user utilities and applications.

For /usr/share it says:
# Architecture-independent (shared) data.

I think that /usr/share is the best place for it. If /var/lib has symlinks into /usr/share then files which aren't changed can be replaced by a package upgrade while files that are modified by utilities can stay modified.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

Bug#805492: /var/lib
On 28/02/16 11:05, Russell Coker wrote:
>> the easiest would be to do like Fedora and install the modules directly
>> in the /var/lib/selinux//100 store instead of copying/loading
>> them at installation time
>
> Do you mean having files in the package under /var/lib? If so that seems
> like a FHS violation. Why not just keep them under /usr/share/selinux
> and symlink them?

There are a lot of packages that ship files in /var/lib.

Are you sure you are not thinking about /var/run?

Bug#805492: /var/lib
> the easiest would be to do like Fedora and install the modules directly in
> the /var/lib/selinux//100 store instead of copying/loading them at
> installation time

Do you mean having files in the package under /var/lib? If so that seems like a FHS violation. Why not just keep them under /usr/share/selinux and symlink them?

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/